[krbdev.mit.edu #8981] Documentation__krb5.conf
Ulf Bremer via RT
rt-comment at krbdev.mit.edu
Mon Jan 25 10:11:26 EST 2021
Mon Jan 25 10:11:26 2021: Request 8981 was acted upon.
Transaction: Ticket created by ubremer at juniper.net
Queue: krb5
Subject: Documentation__krb5.conf
Owner: Nobody
Requestors: ubremer at juniper.net
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8981 >
Hi,
I can't get my head around how the following can be consistent / right:
"
[domain_realm]
The [domain_realm] section provides a translation from a domain name or hostname to a Kerberos realm name. The tag name can be a host name or domain name, where domain names are indicated by a prefix of a period (.).
...
[domain_realm]
crash.mit.edu = TEST.ATHENA.MIT.EDU < --- according to the above a host
.dev.mit.edu = TEST.ATHENA.MIT.EDU < --- according to the above a domain
mit.edu = ATHENA.MIT.EDU < --- according to the above a _host_
... dev.mit.edu ... is matched by the third entry, which maps the host mit.edu and _all hosts under the domain mit.edu_ ... into the realm ATHENA.MIT.EDU.
"
How can a non-domain (as it doesn't start with a . ) apply to "all hosts under the domain"? Any clarification would be much appreciated.
Regards
Ulf
Juniper Business Use Only
More information about the krb5-bugs
mailing list